Innovaphone MyPBX UC Client

Add Innovaphone MyPBX UC-Client as the client interface to XPhone Connect Directory. LDAP is used as interface.

Requirements

  • Innovaphone IP232 - Version: 11r1sr1 11r2sr10

  • Innovaphone myPBX UC Client - Version: 12r1

1. Basic settings

In this step, you can determine the basic settings for the client interface. You can allocate a name and a description and specify whether the client interface is connected automatically upon starting of the XPhone Connect Directory.

  1. Name

    Enter a name for the client interface you want to add. This name is later displayed in the XPhone Connect Directory administrator interface.

  2. Description

    As an option, enter a description of the client interface. Here you can enter an extended description that provides further information about the client interface.

  3. Activate automatically upon start of the XPhone Connect Server

    If you do not want the client interface to be connected upon start of the XPhone Connect Server, uncheck the corresponding box (default setting: aktiv ).

2. IP & Port

A large part of the client interface is based on protocols (e.g. LDAP) which require an IP address and a port for operation. This step enables you to specify the connection settings for the client interface. You can enter an IP address and a port number via which the users can access the XPhone Connect Server with their clients (application or device). They can add new connection settings add_button_green, edit existing connection settings edit and delete existing connection settings delete.

Adding connection settings

  1. add_button_green Add

    Add a new connection setting by clicking on Add. The dialogue box Edit binding opens.

  2. Type

    In the TYPE field, select a protocol (LDAP / LDAPS) via which you want to make a connection from the client interface to the XPhone Connect Server.

  3. IP address

    If your XPhone Connect has several IP addresses, you have the following options:

    • Select IP ADRESS field, enter a certain IP address via which the users shall access the XPhone Connect Server.

    • Select * (All), if you want to allow access to the XPhone Connect Server via all IP addresses.

    • or select the entries from the dropdown menu; to do this, click on the arrow arrowdown.

    Users accessing the XPhone Connect Server ith their client (application or device), must know the IP address(es) of the XPhone Connect Server to be able to access contact data.

  4. Port

    Enter the port number here via which the XPhone Connect Server can be reached.

  5. OK

    Click on Ok to apply the settings. Make additional settings for the client interface.

Editing connection settings

  • edit Edit

    Mark the connection you want to edit and click Edit. Proceed as described above (add_button_green Add from point 2.).

Deleting connection settings

  • Mark the connection you want to delete.

  • Click on Delete delete.

3. Authentication

This step allows you to specify how users log in to the XPhone Connect Server with your clients (application or device). Please note that not all authentication options may be available depending on the client interface.

  1. Login not required

    Check the corresponding box Login not required, if the users do not need to authenticate at the XPhone Connect Server. It is not verified who accesses the XPhone Connect Server. If you have limited access via authorizations when configuring the data sources, users cannot access all data when this check box is activated.

  2. Provide name and password

    Activate the Provide name and password check box if users are subject to authentication via their user name and password. This authentication method allows you to select which login data are requested:

    • Users can log in by providing their XPhone Connect Server login data or by providing their Active Directory login data. The fields USER NAME and PASSWORD must remain EMPTY here.

    • Users must enter a predefined user name and password. Specify a user name in the USER NAME field and a password in the PASSWORD field.

    • Inform the users about their user name and password.

Activate the Integrated Windows login check box (not available for all client interfaces), if you want to use the Windows login data of the users. The login data is provided automatically when users access the XPhone Connect Server. The users do not need to enter their login data when accessing a client.

Hint

Iif users enter their login data from the Active Directory when accessing a client interface, the user name must be entered in the format <Domain>\<User name>.

4. Alternative identity

XPhone Connect Directory can dynamically change the user context within an LDAP query. This enables access to personal contact data by specially adapted applications via LDAP. Along with the suitable security settings, the LDAP client must ensure that no abuse is possible.

  1. Identification feature

    If you want to use the alternative identity, enable the Activate alternative identity via filter condition in the LDAP query option and then select how the users should be authenticated via Identification feature. The authentication of the user takes place via the LDAP filter element :authentication:=<value>. For this purpose, an attempt is made with each search query to find the value <value> in the user data of the Active Directory or in the XPhone Connect Server user administration.

  2. Security info

    Be sure to read and confirm the safety instructions.

    Caution

    The Alternative identity is only required if…

    • …data sources for personal contact data are set up…

    • …and the LDAP clients are not able to authenticate the owner of the personal contact data via the LDAP login. This is usually the case when dealing with server applications or PBXs.

    XPhone Connect Directory therefore offers the possibility that these applications include in the LDAP query the identity of the user for whom the query is executed. The identity is determined by any user-specific feature known to the LDAP client and which is checked against an attribute in the Active-Directory or in the XPhone Connect Server user administration (e.g. phone number, MAC address, user name).

    Use the Alternative identity option to deactivate XPhone Connect Directory authentication security for this client interface. For this reason, please note the following:

    1. The LDAP client must make the authentication.

      The LDAP client (e.g. a PBX, an end device or another server application) accessing this client interface must ensure that this identification feature is used correctly and by authenticated users only. This means that the LDAP client is responsible for authentication.

    2. Protecting the LDAP client from unauthorised access.

      If an LDAP client is unable to perform authentication, it must be ensured that no unauthorised access (especially to the configuration) is possible in this function. If it is possible to configure the client without authorisation in such a way that an “incorrect” identification feature can be integrated in the query, confidentiality of the contact data is no longer guaranteed in personal contact data directories.

    3. Protecting the connection between the LDAP client and XPhone Connect Directory.

      The connection between the LDAP client and Virtual Directory must be secured as follows:

      • Set up a TCIP/IP connection only via SSL (LDAPS) (see client interface configuration “IP & Port”).

      • Activate the login via Name/Password under Authentication in the client interface configuration. In any case, please select a password of sufficient length. We recommend at least 30 characters in random order as well as the use of special characters and numbers. Deactivate Anonymous login.

      • Restrict the range of permissible IP addresses by making the corresponding settings in Security in the client interface configuration.

      • Where possible, restrict access to the network connection by using VLANs or via appropriate configuration of switches, gateways and firewalls. Under no circumstances should you operate secure and insecure clients at the same client interface.

If in doubt, dispense with the Alternative identity” function.

When using the alternative identity, the client (Innovaphone phone or MyPbxUc softclient) must transfer a user-specific value (e.g., the SAMAccountName) to the XPhone Connect Directory so that the user’s associated private contacts can be included in search queries.

The user-specific value is to be entered in the Innovaphone Directories configuration of the External LDAP Server in the Search Base input field.

User-specific specifications are enabled by Innovaphone through configuration templates.

5. Safety

This step allows you to specify whether you wish to allow access to the XPhone Connect Directory for certain client IP addresses only. You can provide individual IP addresses for clients or specify IP address areas for clients authorized to access the XPhone Connect Directory. You can add new IP addresses or IP address areas, edit existing IP addresses or IP address areas and delete existing IP addresses or IP address areas.

Adding IP addresses

  1. Limiting access to

    Activate the check box Limit access to make safety settings.

  2. add_button_green Add

    Click on Add. The dialogue IP address / IP address area opens.

  3. IP address / IP address area

    From the selection list, select whether you want to permit access to an individual IP address or for an IP address area. Enter the IP address or IP address area in the respective field.

  4. Click on Ok to apply the settings.

Editing IP addresses

  1. Highlight the IP addresses or the IP address area and click on edit Edit.

  2. Proceed as described above (add_button_green Adding from point 2).

Deleting IP addresses

Click on Delete delete. If the list no longer contains any IP addresses or an IP address area, deactivate the check box Limit access to. The client interface will be inaccessible although access is not restricted.

6. Search

In this chapter, you can determine whether data source prioritisation is active and how public directories are to be included.

  • Including priority of data source

    Activate the check box to activate data source prioritisation.

Public directories

  1. Including in caller identification

    If public directories are to be included for the caller identification, activate this check box.

  2. Search during contact search

    Setting to define whether and how public directories are to be used for the contact search (Always / Never / Only for searches starting with a dot).

7. Telephone number conversion

This step enables you to specify a dialling parameter for each data source or client interface with which automatically completes phone numbers as required with the XPhone Connect Directory. The XPhone Connect Directory uses dialling parameters to standardize the phone numbers of contacts from various data sources; in other words, to give them a uniform format. This is the only way to ensure that the users find the correct contact data during a search.

  1. Select a telephone number conversion

    Here, you select the dialling parameter describing the telephone number format at the location of the users who use this client interface. It is used, for example, to convert a telephone number in international format into the shortest possible display form to achieve the best possible readability for the user.

  2. Selecting the format

    Select a format from the list in which the telephone numbers are to be displayed.

8. Limitation of search results

In this step, the maximum number of hits can be specified.

  • Restricting the number of hits relieves the data sources connected. Too many search results cannot be recorded by users and are an indication of too extensive search criteria

9. Overview

In this step, you can check the settings you made for the client interface. Make sure that all settings made are correct.

How to complete the configuration

  1. Click on Save to complete the configuration and to add the client interface to the XPhone Connect Directory.

  2. Click Cancel to discard the configuration.

  3. Continuing with field allocation

    fieldmapping

    Click on Continue with field allocation to adapt the allocation of the fields of the XPhone Connect Directory allocation scheme to the fields of the client interface.

    • If you created a new configuration, you will be asked to save the configuration first.

    • If you opened a new configuration, you can continue with the allocation.

10. Innovaphone configuration

An external LDAP server can be configured via the Innovaphone PBX administration. The IP and client interface port as well as the authentication data must be entered there.

  • Search base:

    To access the personal contacts using the alternative identity, it is necessary to transport a user-specific feature in the search query, e.g. the domain name of the user (sAMAccountName). This feature is stored in the user-specific Innovaphone LDAP configuration in the Search Base input field. The client interface handles this special case automatically. The configured search base is only evaluated in the case of the activated alternative identity. If you do not use a “personal contacts” data source, set vdir=VDir as the search base.

  • Object Filter: 1=1

  • Full-text searches involve searches in NameAttributes.

  • When a phone number is entered, searches are conducted in both Name Attributes and Number Attributes.

  • Searches are only carried out in Number Attributes for detecting incoming calls.

  • The Detail Attributes in the Innovaphone devices are shown when depicting a contact.

  • The LDAP directory can also be entered directly in IP 232.

Have you found an mistake on this page?

Please send us a hint about this error by mail to doku@c4b.de. Thank you very much!